ac28cdcaf015acbbcd60d12c0dc5f0c5860e97117464399c8aebb850d75c820c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ac28cdcaf015acbbcd60d12c0dc5f0c5860e97117464399c8aebb850d75c820c
Size

119KB
MD5

06f91a555bd8c07826b12cf6b35b83a0
SHA1

2f608fc340ace868ba2c7a7a94bb84900da0116f
SHA256

ac28cdcaf015acbbcd60d12c0dc5f0c5860e97117464399c8aebb850d75c820c
SHA512

a0f5c80f3607d6fd20bba052bdacc23290ba2ca23b47f26709178d9f1757e3e1f82dfea2d2975f0e9694b58cb97a92b1d1a6bd4fad39fe6de992f7aa0ba621a6
SSDEEP

3072:vbEgmHMzByynzB8XmyRzB86JyGzTmvQynC+kCz7WVyrbqgIFyxC/6tz05gX/A54O:IgmHGByyzB8Xmy1B86JyYTmvQyC+kCzG

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Files

ac28cdcaf015acbbcd60d12c0dc5f0c5860e97117464399c8aebb850d75c820c
.exe windows x86

b2dceb19c17d071fab38886f1d6852e9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

coredll

ord543
ord2
ord3
ord4
ord5
ord516
ord457
ord458
ord455
ord456
ord461
ord464
ord228
ord226
ord462
ord460
ord529
ord196
ord534
ord533
ord532
ord1241
ord1177
ord537
ord1231
ord495
ord553
ord555
ord1018
ord1094
ord1041
ord2652
ord1551
ord1580
ord2632
ord2009
ord2512
ord2656
ord1095
ord1047
ord2696
ord87
ord1054
ord1049
ord1876
ord1645
ord544

ole32

CoCreateInstance
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc

oleaut32

VarUI4FromStr

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX
Size: 57KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE